CISA
Original release date: September 12, 2022
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- airflow | In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. | 2022-09-02 | not yet calculated | CVE-2022-38054 CONFIRM MLIST |
apache -- airflow | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. | 2022-09-02 | not yet calculated | CVE-2022-38170 CONFIRM MLIST MLIST |
apache -- iotdb | Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue. | 2022-09-05 | not yet calculated | CVE-2022-38369 MISC MLIST |
apache -- iotdb | Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue. | 2022-09-05 | not yet calculated | CVE-2022-38370 MISC MLIST |
apache -- ofbiz | Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS. | 2022-09-02 | not yet calculated | CVE-2022-25370 CONFIRM MLIST MLIST |
apache -- ofbiz | Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. | 2022-09-02 | not yet calculated | CVE-2022-25371 CONFIRM MLIST MLIST |
apache -- ofbiz | In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. An RCE is then possible. | 2022-09-02 | not yet calculated | CVE-2022-25813 CONFIRM MLIST |
apache -- ofbiz | The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646. | 2022-09-02 | not yet calculated | CVE-2022-29063 CONFIRM MLIST |
apache -- ofbiz | Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599 | 2022-09-02 | not yet calculated | CVE-2022-29158 CONFIRM MLIST |
appsmith -- appsmith | Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak. | 2022-09-05 | not yet calculated | CVE-2022-39824 MISC MISC |
asp.net_core -- miniblog.core | Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. | 2022-09-02 | not yet calculated | CVE-2022-37679 MISC |
atlassian -- jira | The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint. | 2022-09-05 | not yet calculated | CVE-2022-38367 MISC MISC |
avaya -- ip_office_admin_lite_and_usb_creator | A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | 2022-09-02 | not yet calculated | CVE-2021-25657 CONFIRM |
bitdefender -- bitdefender_gravityzone_console | Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2. | 2022-09-05 | not yet calculated | CVE-2022-2830 MISC |
blackboard -- learn | Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. | 2022-09-05 | not yet calculated | CVE-2022-39196 MISC |
blogengine -- blogengine | BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | 2022-09-02 | not yet calculated | CVE-2022-36600 MISC |
chatwoot -- chatwoot | Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. | 2022-09-06 | not yet calculated | CVE-2022-2901 MISC CONFIRM |
cotonti -- siena | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. | 2022-09-05 | not yet calculated | CVE-2022-39839 MISC |
cotonti -- siena | Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). | 2022-09-05 | not yet calculated | CVE-2022-39840 MISC |
databasir -- databasir | Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attacker to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7. | 2022-09-02 | not yet calculated | CVE-2022-31196 MISC CONFIRM MISC |
dell -- multiple_products | Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. | 2022-09-02 | not yet calculated | CVE-2022-34382 MISC |
dell -- powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. | 2022-09-02 | not yet calculated | CVE-2022-34371 MISC |
dell -- powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. | 2022-09-02 | not yet calculated | CVE-2022-34369 MISC |
dell -- powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | 2022-09-02 | not yet calculated | CVE-2022-34378 MISC |
discourse -- discourse | Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. | 2022-09-02 | not yet calculated | CVE-2022-37458 MISC MISC MISC |
dokuwiki -- dokuwiki | Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | 2022-09-05 | not yet calculated | CVE-2022-3123 MISC CONFIRM |
drakkan -- sftpgo | SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it. | 2022-09-02 | not yet calculated | CVE-2022-36071 MISC CONFIRM |
drawio -- drawio | Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. | 2022-09-05 | not yet calculated | CVE-2022-3127 CONFIRM MISC |
drawio -- drawio | Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | 2022-09-02 | not yet calculated | CVE-2022-3065 CONFIRM MISC |
gagliardetto -- binary | Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice. | 2022-09-02 | not yet calculated | CVE-2022-36078 CONFIRM MISC MISC |
garage_management_system -- garage_management_system | An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. | 2022-09-02 | not yet calculated | CVE-2022-36638 MISC MISC |
garage_management_system -- garage_management_system | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | 2022-09-02 | not yet calculated | CVE-2022-36636 MISC MISC |
garage_management_system -- garage_management_system | Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | 2022-09-02 | not yet calculated | CVE-2022-36637 MISC MISC |
garage_management_system -- garage_management_system | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | 2022-09-02 | not yet calculated | CVE-2022-36639 MISC MISC |
geonetwork -- geonetwork | A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0. | 2022-09-05 | not yet calculated | CVE-2021-28398 MISC CONFIRM MISC MISC |
grafana -- grafana_image_renderer | Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer). | 2022-09-02 | not yet calculated | CVE-2022-31176 CONFIRM MISC |
hitachi -- raid_manager_storage_replicationadapter | OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | 2022-09-06 | not yet calculated | CVE-2022-34883 MISC |
hitachi -- raid_manager_storage_replicationadapter | Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | 2022-09-06 | not yet calculated | CVE-2022-34882 MISC |
ibm -- 123elf_lotus_1-2-3 | 123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document. | 2022-09-05 | not yet calculated | CVE-2022-39843 MISC MISC |
kkfileview -- kkfileview | kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. | 2022-09-02 | not yet calculated | CVE-2022-36593 MISC |
libdwarf -- libdwarf | libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. | 2022-09-02 | not yet calculated | CVE-2022-39170 MISC MISC |
libvncclient -- libvncclient | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | 2022-09-02 | not yet calculated | CVE-2020-29260 MISC |
linux -- bluez | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | 2022-09-02 | not yet calculated | CVE-2022-39177 MISC MISC |
linux -- bluez | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | 2022-09-02 | not yet calculated | CVE-2022-39176 MISC MISC |
linux -- linux_kernel | An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. | 2022-09-02 | not yet calculated | CVE-2022-39189 MISC MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. | 2022-09-02 | not yet calculated | CVE-2022-39190 MISC MISC MISC MISC |
linux -- linux_kernel | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. | 2022-09-05 | not yet calculated | CVE-2022-39842 MISC MISC |
linux -- linux_kernel | An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. | 2022-09-02 | not yet calculated | CVE-2022-39188 MISC MISC MISC MISC MISC |
mediawiki -- mediawiki | An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. | 2022-09-02 | not yet calculated | CVE-2022-39194 MISC |
modsecurity -- owasp-modsecurity-crs | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. | 2022-09-02 | not yet calculated | CVE-2020-22669 CONFIRM MISC |
mybatis -- mapper | Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. | 2022-09-02 | not yet calculated | CVE-2022-36594 MISC |
nodebb -- nodebb | NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. | 2022-09-02 | not yet calculated | CVE-2022-36076 MISC CONFIRM MISC |
online_food_ordering_system -- online_food_ordering_system | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | 2022-09-02 | not yet calculated | CVE-2022-36759 MISC |
otrs_ag -- otrs | An attacker might be able to execute malicious Perl code in the Template toolkit by having the admin install an unverified 3rd-party package. | 2022-09-05 | not yet calculated | CVE-2022-39051 CONFIRM |
otrs_ag -- otrs | An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies to the usage of external data sources, e.g. database or LDAP. | 2022-09-05 | not yet calculated | CVE-2022-39050 CONFIRM |
otrs_ag -- otrs | An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. | 2022-09-05 | not yet calculated | CVE-2022-39049 CONFIRM |
pfsense -- pfblockerng | pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. | 2022-09-05 | not yet calculated | CVE-2022-31814 MISC MISC |
pkuvcl -- pkuvcl_davs2 | PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. | 2022-09-02 | not yet calculated | CVE-2022-36647 MISC |
prestashop -- prestashop | This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2. | 2022-09-02 | not yet calculated | CVE-2022-35933 CONFIRM MISC |
pspp -- pspp | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 2022-09-05 | not yet calculated | CVE-2022-39832 MISC |
pspp -- pspp | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. | 2022-09-05 | not yet calculated | CVE-2022-39831 MISC |
publiccms -- publiccms | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. | 2022-09-02 | not yet calculated | CVE-2021-27693 MISC MISC |
qualcomm -- snapdragon | Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-25680 CONFIRM |
qualcomm -- snapdragon | Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-22069 CONFIRM |
qualcomm -- snapdragon | Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22096 CONFIRM |
qualcomm -- snapdragon | Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35122 CONFIRM |
qualcomm -- snapdragon | Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-09-02 | not yet calculated | CVE-2022-22080 CONFIRM |
qualcomm -- snapdragon | Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-22070 CONFIRM |
qualcomm -- snapdragon | Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22067 CONFIRM |
qualcomm -- snapdragon | Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22099 CONFIRM |
qualcomm -- snapdragon | An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-09-02 | not yet calculated | CVE-2022-22062 CONFIRM |
qualcomm -- snapdragon | Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22061 CONFIRM |
qualcomm -- snapdragon | Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22059 CONFIRM |
qualcomm -- snapdragon | Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35108 CONFIRM |
qualcomm -- snapdragon | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35097 CONFIRM |
qualcomm -- snapdragon | Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35132 CONFIRM |
qualcomm -- snapdragon | Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35133 CONFIRM |
qualcomm -- snapdragon | Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT | 2022-09-02 | not yet calculated | CVE-2022-22097 CONFIRM |
qualcomm -- snapdragon | Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22098 CONFIRM |
qualcomm -- snapdragon | A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35135 CONFIRM |
qualcomm -- snapdragon | Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25657 CONFIRM |
qualcomm -- snapdragon | Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25668 CONFIRM |
qualcomm -- snapdragon | Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35134 CONFIRM |
qualcomm -- snapdragon | Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22101 CONFIRM |
qualcomm -- snapdragon | Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22102 CONFIRM |
qualcomm -- snapdragon | Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25659 CONFIRM |
qualcomm -- snapdragon | Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22104 CONFIRM |
qualcomm -- snapdragon | Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22106 CONFIRM |
qualcomm -- snapdragon | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35113 CONFIRM |
qualcomm -- snapdragon | Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25658 CONFIRM |
qualcomm -- snapdragon | Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22100 CONFIRM |
qualcomm -- snapdragon | Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35109 CONFIRM |
rosariosis -- rosariosis | Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. | 2022-09-06 | not yet calculated | CVE-2022-2714 CONFIRM MISC |
samsung -- mtower | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. | 2022-09-05 | not yet calculated | CVE-2022-39830 MISC MISC MISC |
samsung -- mtower | There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. | 2022-09-05 | not yet calculated | CVE-2022-39829 MISC MISC MISC |
samsung -- mtower | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. | 2022-09-05 | not yet calculated | CVE-2022-39828 MISC MISC MISC |
snakeyaml -- snakeyaml | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. | 2022-09-05 | not yet calculated | CVE-2022-38749 MISC MISC |
snakeyaml -- snakeyaml | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. | 2022-09-05 | not yet calculated | CVE-2022-38750 MISC MISC |
snakeyaml -- snakeyaml | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. | 2022-09-05 | not yet calculated | CVE-2022-38751 MISC MISC |
snakeyaml -- snakeyaml | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. | 2022-09-05 | not yet calculated | CVE-2022-38752 MISC MISC |
sourcecodehero -- sourcecodehero_erp_system_project | A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability. | 2022-09-04 | not yet calculated | CVE-2022-3118 MISC MISC |
sourcecodester -- clinics_patient_management_system | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability. | 2022-09-05 | not yet calculated | CVE-2022-3122 MISC MISC |
sourcecodester -- clinics_patient_management_system | A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847. | 2022-09-05 | not yet calculated | CVE-2022-3120 MISC MISC |
sourcecodester -- clinic’s_patient_management_system | Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. | 2022-09-02 | not yet calculated | CVE-2022-36609 MISC |
sourcecodester -- expense_management_system | Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. | 2022-09-02 | not yet calculated | CVE-2022-36754 MISC |
sourcecodester -- online_employee_leave_management_system | A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability. | 2022-09-05 | not yet calculated | CVE-2022-3121 MISC |
synapse -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. | 2022-09-02 | not yet calculated | CVE-2022-31152 MISC MISC MISC CONFIRM |
systematic_fix_adapter -- systematic_fix_adapter | Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. | 2022-09-05 | not yet calculated | CVE-2022-39838 MISC MISC MISC |
telos_alliance -- omnia_mpx_node | A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. | 2022-09-02 | not yet calculated | CVE-2022-36642 MISC MISC MISC MISC |
tinygltf -- tinygltf | The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751 | 2022-09-05 | not yet calculated | CVE-2022-3008 CONFIRM CONFIRM CONFIRM CONFIRM |
vim -- vim | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | 2022-09-03 | not yet calculated | CVE-2022-3099 CONFIRM MISC |
wolfssl -- wolfssl | wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. | 2022-09-02 | not yet calculated | CVE-2021-44718 MISC MISC |
wordpress -- wordpress | The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. | 2022-09-05 | not yet calculated | CVE-2022-2083 MISC MISC |
wordpress -- wordpress | The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-09-05 | not yet calculated | CVE-2022-2271 MISC |
wordpress -- wordpress | The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users | 2022-09-05 | not yet calculated | CVE-2022-2376 MISC |
wordpress -- wordpress | The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts | 2022-09-05 | not yet calculated | CVE-2022-2543 MISC |
wordpress -- wordpress | The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins | 2022-09-05 | not yet calculated | CVE-2022-2565 MISC |
wordpress -- wordpress | The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts | 2022-09-05 | not yet calculated | CVE-2022-2597 MISC |
wordpress -- wordpress | The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF checks in multiple AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and, for example, suspend vendors (reported by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue). Other unauthenticated attacks are also possible, either directly or via CSRF. | 2022-09-05 | not yet calculated | CVE-2022-2657 MISC |
wordpress -- wordpress | The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-09-05 | not yet calculated | CVE-2022-2775 MISC |
zyxel -- nas326 | A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. | 2022-09-06 | not yet calculated | CVE-2022-34747 CONFIRM |